<? 
	include "./includes/messages.inc.php";
	include "./includes/config.inc.php";
	include "./includes/prepend.inc.php";
	include "./includes/prepend.inc.php"; 
	include "./includes/classes/class.2co.php"; 
?>
<?
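	// 2Checkout payment return handler: lets the TwoCheckout helper validate the
	// gateway response, marks the matching transaction as paid and credits the
	// buyer's balance.
	//
	// Every value in $_POST is supplied by the HTTP client, so it is validated and
	// escaped before it is placed in a query.
	$post = $_POST;
	$co = new TwoCheckout($cfg['2coid'], $cfg['2cohash']);
	$co->Init($_POST);
	// NOTE(review): whether ProccessSinglePayment() authenticates the order number
	// and amount (e.g. via the 2CO hash) is not visible in this file - confirm,
	// because the amount credited below comes straight from the request.
	if ($co->ProccessSinglePayment())
	{
		// Reject requests whose required fields are missing, empty or not scalar
		// (an array such as amount[]=1 would otherwise be stringified as "Array").
		foreach (array('order_number', 'cart_order_id', 'amount') as $field)
		{
			if (!isset($post[$field]) || !is_scalar($post[$field]) || $post[$field] === '')
			{
				$co->Log("Invalid payment parameters!");
				$co->Log($post);
				die("Cannot proccess payment. Please contact administrator.");
			}
		}
		// The amount is added to a user balance, so it must be a positive number.
		if (!is_numeric($post['amount']) || $post['amount'] <= 0)
		{
			$co->Log("Invalid payment amount!");
			$co->Log($post);
			die("Cannot proccess payment. Please contact administrator.");
		}

		// Escape once, reuse everywhere. The legacy mysql_* API used by this file has
		// no bound parameters, so escaping is the only injection defence available
		// without replacing the database layer.
		$sql_order_number  = mysql_real_escape_string((string) $post['order_number']);
		$sql_cart_order_id = mysql_real_escape_string((string) $post['cart_order_id']);
		$sql_amount        = mysql_real_escape_string((string) $post['amount']);
		// serialize() output contains quotes, which broke (or allowed injection into)
		// the unescaped statement. The format is kept so existing readers of
		// paydetails still work; it holds client-supplied data and should be treated
		// as untrusted wherever it is later unserialized.
		$sql_details       = mysql_real_escape_string(serialize($post));

		// Check for dup transactions
		// NOTE(review): this check and the update below are not atomic; two
		// simultaneous deliveries of the same notification could both pass it.
		// A unique index on transid would close that window - confirm the schema.
		$rs_keyws = mysql_query("select count(*) as c from PHPAUCTIONW_transactions where transid = '$sql_order_number'");
		if ($rs_keyws === false)
		{
			// Log the database error instead of echoing it to the client.
			$co->Log(mysql_error());
			die("Cannot proccess payment. Please contact administrator.");
		}
		$row_rs_keyws = mysql_fetch_assoc($rs_keyws);
		if ($row_rs_keyws["c"] > 0)
		{
			$co->Log("Duplicate transaction!");
			$co->Log($post);
			exit();
		}

		// Update order
		$updated = mysql_query("update PHPAUCTIONW_transactions set ispaid=1, pamount='$sql_amount', dtpaid = NOW(), gate = '2co', transid = '$sql_order_number', paydetails='$sql_details' where id = '$sql_cart_order_id'");
		if ($updated === false)
		{
			$co->Log(mysql_error());
			die("Cannot proccess payment. Please contact administrator.");
		}
		// No row changed means the cart order id does not exist; stop here rather
		// than redirecting to the success page with nothing credited.
		if (mysql_affected_rows() < 1)
		{
			$co->Log("Unknown order!");
			$co->Log($post);
			die("Cannot proccess payment. Please contact administrator.");
		}

		// Select user
		// The paid amount is selected explicitly from the transaction row. The
		// original read $row["pamount"], which the select list
		// "userid, PHPAUCTION_users.*" does not return unless the users table
		// happens to have a column of that name, so the balance was credited with
		// an empty value.
		$rs = mysql_query("select userid, PHPAUCTION_users.*, PHPAUCTIONW_transactions.pamount as paid_amount from PHPAUCTIONW_transactions inner join PHPAUCTION_users on PHPAUCTION_users.id = PHPAUCTIONW_transactions.userid where PHPAUCTIONW_transactions.id = '$sql_cart_order_id'");
		if ($rs === false)
		{
			$co->Log(mysql_error());
			die("Cannot proccess payment. Please contact administrator.");
		}
		$row = mysql_fetch_assoc($rs);
		if (!$row)
		{
			// The transaction has no matching user, so there is no balance to credit.
			$co->Log("No user for paid order!");
			$co->Log($post);
			die("Cannot proccess payment. Please contact administrator.");
		}

		// Update user amount
		// Values read back from the database are escaped as well, so stored data can
		// never change the shape of this statement.
		$credited = mysql_query("update PHPAUCTION_users set balance = balance+'".mysql_real_escape_string((string) $row["paid_amount"])."' where id = '".mysql_real_escape_string((string) $row["userid"])."'");
		if ($credited === false)
		{
			$co->Log(mysql_error());
			die("Cannot proccess payment. Please contact administrator.");
		}
		// Execution deliberately continues after the redirect header so that
		// $co->Free() below still runs.
		header('Location: paid.php');
	}
	else
		die("Cannot proccess payment. Please contact administrator.");
	
	$co->Free();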

?>
